Day: November 17, 2017

While performing a web application penetration test, I stumbled upon a parameter with some base64 encoded data within a POST parameter. Curious as to what it was, I send it over to Burp decoder. After two rounds of URL decoding and one round of Base64 decoding, I had what appeared to be a serialized Java…